1. (CURRENTLY AMENDED) A network multiplexing and tunneling system, comprising
at least two devices connected across a network by a secure connection created at a user-level,
wherein the secure connection is a single encrypted Secure Sockets Layer (SSL) Transmission
Control Protocol (TCP) connection, each of the devices authenticates the other device after the
secure connection is opened, and at least one of the devices multiplexes other connections through
the secure connection after both the devices have been authenticated, and either endpoint of the
secure connection can receive connection requests.

2. (ORIGINAL) The system of claim 1, wherein the other connections are selected from a
group comprising Transmission Control Protocol (TCP) and UDP (User Datagram Protocol)
connections.

3. (ORIGINAL) The system of claim 1, wherein the secure connection is symmetric.

4. (CANCELLED) 



5. (ORIGINAL) The system of claim 1, wherein either endpoint of the secure connection
can receive data.

6. (ORIGINAL) The system of claim 1, further comprising means for maintaining send
buffers on each endpoint.

7. (ORIGINAL) The system of claim 1, further comprising means for forwarding data
through the secure connection when there are sufficient send buffers for receiving the forwarded
data on the other endpoint.

8. (ORIGINAL) The system of claim 1, further comprising means for queuing data received
at each endpoint.

9. (ORIGINAL) The system of claim 8, further comprising means for dispatching the
queued data at each endpoint to its final destination.

10. (ORIGINAL) The system of claim 9, further comprising means for acknowledging
receipt of the data after the queued data is dispatched to its final destination, thereby tracking usage
of buffers at the endpoint.

11. (ORIGINAL) The system of claim 1, further comprising means for buffering data 
transmitted through the multiplexed other connections for flow control through the secure 
connection. 

12. (ORIGINAL) The system of claim 1, further comprising means for resolving domain
names through the secure connection.

13. (ORIGINAL) The system of claim 1, further comprising means for operating the secure
connection according to a mode selected from a group comprising a standalone proxy mode, a
packet filter mode, and a SOCKetS server (SOCKS) mode.



14. (ORIGINAL) The system of claim 1, wherein the endpoints comprise a Portal and a
Gate.



15. (ORIGINAL) The system of claim 14, wherein the Gate comprises a server executed by 
a firewall bastion host computer. 

16. (ORIGINAL) The system of claim 14, wherein the Portal comprises a client executed by
a user's computer.

17. (ORIGINAL) The system of claim 1, further comprising means for accessing an Intranet
from the Internet using the secure connection.

18. (ORIGINAL) The system of claim 17, further comprising means for creating a
connection from a Portal on a client computer on the Internet to a Gate on a firewall bastion host
computer on the Intranet through the secure connection.

19. (ORIGINAL) The system of claim 17, further comprising means for creating a
connection from a Portal on a client computer on the Internet to a proxy on a firewall bastion host
computer on the Intranet through the secure connection and from the proxy to a Gate on a host
computer on the Intranet through the secure connection.

20. (ORIGINAL) The system of claim 17, further comprising means for creating a
connection from a Portal on a client computer on the Internet to a packet filter on a firewall bastion
host computer on the Intranet through the secure connection and from the packet filter to a Gate on
a host computer on the Intranet through the secure connection.

21. (ORIGINAL) The system of claim 1, further comprising means for accessing the
Internet from an Intranet using the secure connection.

22. (ORIGINAL) The system of claim 21, further comprising means for creating a
connection from a Portal on a client computer on the Intranet to a Gate on a host computer on the
Internet through the secure connection.

23. (ORIGINAL) The system of claim 21, further comprising means for creating a
connection from a Portal on a firewall bastion host computer on the Intranet to a host computer on
the Internet through the secure connection.

24. (ORIGINAL) The system of claim 21, further comprising means for creating a
connection from a Portal on a client computer on the Intranet to a proxy on a firewall bastion host
computer on the Intranet through the secure connection and from the proxy to a Gate on a host
computer on the Internet through the secure connection.

25. (ORIGINAL) The system of claim 21, further comprising means for creating a
connection from a Portal on a client computer on the Intranet to a packet filter on a firewall bastion
host computer on the Intranet through the secure connection and from the packet filter to a Gate on
a host computer on the Internet through the secure connection.

26. (ORIGINAL) The system of claim 1, further comprising means for accessing a first
Intranet from a second Intranet across the Internet using the secure connection.

27. (ORIGINAL) The system of claim 26, further comprising means for creating a
connection from a Portal on a client computer on the first Intranet to a Gate on a firewall bastion
host computer on the first Intranet through the secure connection, and from the Gate on the
firewall bastion host computer on the first Intranet through the Internet to a Gate on a firewall
bastion host computer on the second Intranet through the secure connection, and from the Gate on
the firewall bastion host computer on the second Intranet to a host computer on the second
Intranet through the secure connection.

28. (ORIGINAL) The system of claim 1, wherein records are exchanged between the
endpoints of the secure connection.

29. (ORIGINAL) The system of claim 28, wherein the records are selected from a group
comprising: UsherOpen, UsherOpenReply, UsherSend, UsherClose, UsherSendUdp, UsherAck,
UsherEnd, and UsherRST records.

30. (ORIGINAL) The system of claim 29, wherein the UsherOpen records are sent by a
Portal to a Gate to open a Transmission Control Protocol (TCP) connection.

31. (ORIGINAL) The system of claim 29, wherein the UsherOpenReply records are sent by
a Gate to a Portal to respond to an UsherOpen record.

32. (ORIGINAL) The system of claim 29, wherein the UsherSend records are sent by either
a Gate or a Portal to transmit data therebetween.

33. (ORIGINAL) The system of claim 29, wherein the UsherAck records are sent by either a
Gate or a Portal to acknowledge a receipt of data therebetween.

34. (ORIGINAL) The system of claim 29, wherein the UsherAck records are not sent when
data received by either a Gate or a Portal is queued prior to being forwarded to its destination.

35. (ORIGINAL) The system of claim 29, wherein the UsherAck records are sent only when
data received by either a Gate or a Portal has been forwarded to its destination.

36. (ORIGINAL) The system of claim 29, wherein the UsherClose records are sent by either
a Gate or a Portal to terminate a session.

37. (ORIGINAL) The system of claim 29, wherein the UsherSendUdp records are sent by
either a Gate or a Portal to transmit UDP (User Datagram Protocol) packets therebetween.

38. (ORIGINAL) The system of claim 29, wherein the UsherEnd records are sent by either
a Gate or a Portal to terminate a multiplexed other connection.

39. (ORIGINAL) The system of claim 29, wherein the UsherRST records are sent by either
a Gate or a Portal to reset a multiplexed other connection.

40. (CURRENTLY AMENDED) A transmission media communicating data via a secure
connection created at a user-level between two endpoints in a network, wherein the secure
connection is a single encrypted Secure Sockets Layer (SSL) Transmission Control Protocol (TCP)
connection, each of the endpoints authenticates the other device after the secure connection is
opened, and at least one of the endpoints multiplexes other connections through the secure
connection after both the endpoints have been authenticated, and either endpoint of the secure
connection can receive connection requests.

41. (ORIGINAL) The transmission media of claim 40, wherein the other connections are
selected from a group comprising Transmission Control Protocol (TCP) and UDP (User Datagram
Protocol) connections.

42. (ORIGINAL) The transmission media of claim 40, wherein the secure connection is
symmetric.

43. (CANCELLED)

44. (ORIGINAL) The transmission media of claim 40, wherein either endpoint of the secure
connection can receive data.

45. (ORIGINAL) The transmission media of claim 40, further comprising maintaining send
buffers on each endpoint.

46. (ORIGINAL) The transmission media of claim 40, further comprising forwarding data 
through the secure connection when there are sufficient send buffers for receiving the forwarded 
data on the other endpoint. 



47. (ORIGINAL) The transmission media of claim 40, further comprising queuing data
received at each endpoint.

48. (ORIGINAL) The transmission media of claim 47, further comprising dispatching the
queued data at each endpoint to its final destination.

49. (ORIGINAL) The transmission media of claim 48, further comprising acknowledging
receipt of the data after the queued data is dispatched to its final destination, thereby tracking usage
of buffers at the endpoint.

50. (ORIGINAL) The transmission media of claim 40, further comprising buffering data 
transmitted through the multiplexed other connections for flow control through the secure 
connection. 

51. (ORIGINAL) The transmission media of claim 40, further comprising resolving domain
names through the secure connection.

52. (ORIGINAL) The transmission media of claim 40, further comprising operating the
secure connection according to a mode selected from a group comprising a standalone proxy mode,
a packet filter mode, and a SOCKetS server (SOCKS) mode.

53. (ORIGINAL) The transmission media of claim 40, wherein the endpoints comprise a
Portal and a Gate.

54. (ORIGINAL) The transmission media of claim 53, wherein the Gate comprises a server
executed by a firewall bastion host computer.

55. (ORIGINAL) The transmission media of claim 53, wherein the Portal comprises a client
executed by a user's computer.

56. (ORIGINAL) The transmission media of claim 40, further comprising accessing an
Intranet from the Internet using the secure connection.

57. (ORIGINAL) The transmission media of claim 56, further comprising creating a
connection from a Portal on a client computer on the Internet to a Gate on a firewall bastion host
computer on the Intranet through the secure connection.

58. (ORIGINAL) The transmission media of claim 56, further comprising creating a
connection from a Portal on a client computer on the Internet to a proxy on a firewall bastion host
computer on the Intranet through the secure connection and from the proxy to a Gate on a host
computer on the Intranet through the secure connection.

59. (ORIGINAL) The transmission media of claim 56, further comprising creating a
connection from a Portal on a client computer on the Internet to a packet filter on a firewall bastion
host computer on the Intranet through the secure connection and from the packet filter to a Gate on
a host computer on the Intranet through the secure connection.

60. (ORIGINAL) The transmission media of claim 40, further comprising accessing the
Internet from an Intranet using the secure connection.

61. (ORIGINAL) The transmission media of claim 60, further comprising creating a
connection from a Portal on a client computer on the Intranet to a Gate on a host computer on the
Internet through the secure connection.

62. (ORIGINAL) The transmission media of claim 60, further comprising creating a
connection from a Portal on a firewall bastion host computer on the Intranet to a host computer on
the Internet through the secure connection.

63. (ORIGINAL) The transmission media of claim 60, further comprising creating a
connection from a Portal on a client computer on the Intranet to a proxy on a firewall bastion host
computer on the Intranet through the secure connection and from the proxy to a Gate on a host
computer on the Internet through the secure connection.

64. (ORIGINAL) The transmission media of claim 60, further comprising creating a
connection from a Portal on a client computer on the Intranet to a packet filter on a firewall bastion
host computer on the Intranet through the secure connection and from the packet filter to a Gate on
a host computer on the Internet through the secure connection.

65. (ORIGINAL) The transmission media of claim 40, further comprising accessing a first
Intranet from a second Intranet across the Internet using the secure connection.

66. (ORIGINAL) The transmission media of claim 65, further comprising creating a
connection from a Portal on a client computer on the first Intranet to a Gate on a firewall bastion
host computer on the first Intranet through the secure connection, and from the Gate on the
firewall bastion host computer on the first Intranet through the Internet to a Gate on a firewall
bastion host computer on the second Intranet through the secure connection, and from the Gate on
the firewall bastion host computer on the second Intranet to a host computer on the second
Intranet through the secure connection.

67. (ORIGINAL) The transmission media of claim 40, wherein records are exchanged
between the endpoints of the secure connection.

68. (ORIGINAL) The transmission media of claim 67, wherein the records are selected
from a group comprising: UsherOpen, UsherOpenReply, UsherSend, UsherClose, UsherSendUdp,
UsherAck, UsherEnd, and UsherRST records.

69. (ORIGINAL) The transmission media of claim 68, wherein the UsherOpen records are
sent by a Portal to a Gate to open a Transmission Control Protocol (TCP) connection.

70. (ORIGINAL) The transmission media of claim 68, wherein the UsherOpenReply
records are sent by a Gate to a Portal to respond to an UsherOpen record.

71. (ORIGINAL) The transmission media of claim 68, wherein the UsherSend records are 
sent by either a Gate or a Portal to transmit data therebetween. 

72. (ORIGINAL) The transmission media of claim 68, wherein the UsherAck records are
sent by either a Gate or a Portal to acknowledge a receipt of data therebetween.

73. (ORIGINAL) The transmission media of claim 68, wherein the UsherAck records are
not sent when data received by either a Gate or a Portal is queued prior to being forwarded to its
destination.

74. (ORIGINAL) The transmission media of claim 68, wherein the UsherAck records are
sent only when data received by either a Gate or a Portal has been forwarded to its destination.

75. (ORIGINAL) The transmission media of claim 68, wherein the UsherClose records are
sent by either a Gate or a Portal to terminate a session.

76. (ORIGINAL) The transmission media of claim 68, wherein the UsherSendUdp records
are sent by either a Gate or a Portal to transmit UDP (User Datagram Protocol) packets
therebetween.

77. (ORIGINAL) The transmission media of claim 68, wherein the UsherEnd records are
sent by either a Gate or a Portal to terminate a multiplexed other connection.

78. (ORIGINAL) The transmission media of claim 68, wherein the UsherRST records are
sent by either a Gate or a Portal to reset a multiplexed other connection.

79. (CURRENTLY AMENDED) A method for network multiplexing and tunneling,
comprising:

(a) opening a single Transmission Control Protocol (TCP) connection at a user-level
between at least two endpoints in the network;

(b) establishing a secure connection using Secure Sockets Layer (SSL) over the opened
Transmission Control Protocol (TCP) connection, wherein either endpoint of the secure connection
can receive connection requests;

(c) mutually authenticating each of the endpoints of the SSL/TCP secure connection; and

(d) multiplexing other connections through the secure connection once both of the
endpoints have been authenticated.






80. (ORIGINAL) The method of claim 79, wherein the other connections are selected from
a group comprising Transmission Control Protocol (TCP) and UDP (User Datagram Protocol)
connections.

81. (ORIGINAL) The method of claim 79, wherein the secure connection is symmetric.



82. (CANCELLED) 

83. (ORIGINAL) The method of claim 79, wherein either endpoint of the secure
connection can receive data.

84. (ORIGINAL) The method of claim 79, further comprising maintaining send buffers on
each endpoint.

85. (ORIGINAL) The method of claim 79, further comprising forwarding data through the
secure connection when there are sufficient send buffers for receiving the forwarded data on the
other endpoint.

86. (ORIGINAL) The method of claim 79, further comprising queuing data received at each
endpoint.

87. (ORIGINAL) The method of claim 86, further comprising dispatching the queued data
at each endpoint to its final destination.



88. (ORIGINAL) The method of claim 87, further comprising acknowledging receipt of the
data after the queued data is dispatched to its final destination, thereby tracking usage of buffers at
the endpoint.

89. (ORIGINAL) The method of claim 79, further comprising buffering data transmitted 
through the multiplexed other connections for flow control through the secure connection. 

90. (ORIGINAL) The method of claim 79, further comprising resolving domain names
through the secure connection.



91. (ORIGINAL) The method of claim 79, further comprising operating the secure
connection according to a mode selected from a group comprising a standalone proxy mode, a
packet filter mode, and a SOCKetS server (SOCKS) mode.

92. (ORIGINAL) The method of claim 79, wherein the endpoints comprise a Portal and a
Gate.

93. (ORIGINAL) The method of claim 92, wherein the Gate comprises a server executed by
a firewall bastion host computer.

94. (ORIGINAL) The method of claim 92, wherein the Portal comprises a client executed
by a user's computer.



95. (ORIGINAL) The method of claim 79, further comprising accessing an Intranet from 
the Internet using the secure connection. 

96. (ORIGINAL) The method of claim 95, further comprising creating a connection from a
Portal on a client computer on the Internet to a Gate on a firewall bastion host computer on the
Intranet through the secure connection.

97. (ORIGINAL) The method of claim 95, further comprising creating a connection from a
Portal on a client computer on the Internet to a proxy on a firewall bastion host computer on the
Intranet through the secure connection and from the proxy to a Gate on a host computer on the
Intranet through the secure connection.

98. (ORIGINAL) The method of claim 95, further comprising creating a connection from a
Portal on a client computer on the Internet to a packet filter on a firewall bastion host computer on
the Intranet through the secure connection and from the packet filter to a Gate on a host computer
on the Intranet through the secure connection.

99. (ORIGINAL) The method of claim 79, further comprising accessing the Internet from
an Intranet using the secure connection.

100. (ORIGINAL) The method of claim 99, further comprising creating a connection from
a Portal on a client computer on the Intranet to a Gate on a host computer on the Internet through
the secure connection.

101. (ORIGINAL) The method of claim 99, further comprising creating a connection from
a Portal on a firewall bastion host computer on the Intranet to a host computer on the Internet
through the secure connection.

102. (ORIGINAL) The method of claim 99, further comprising creating a connection from
a Portal on a client computer on the Intranet to a proxy on a firewall bastion host computer on the
Intranet through the secure connection and from the proxy to a Gate on a host computer on the
Internet through the secure connection.

103. (ORIGINAL) The method of claim 99, further comprising creating a connection from
a Portal on a client computer on the Intranet to a packet filter on a firewall bastion host computer
on the Intranet through the secure connection and from the packet filter to a Gate on a host
computer on the Internet through the secure connection.

104. (ORIGINAL) The method of claim 79, further comprising accessing a first Intranet 
from a second Intranet across the Internet using the secure connection. 

105. (ORIGINAL) The method of claim 104, further comprising creating a connection from
a Portal on a client computer on the first Intranet to a Gate on a firewall bastion host computer on
the first Intranet through the secure connection, and from the Gate on the firewall bastion host
computer on the first Intranet through the Internet to a Gate on a firewall bastion host computer on
the second Intranet through the secure connection, and from the Gate on the firewall bastion host
computer on the second Intranet to a host computer on the second Intranet through the secure
connection.

106. (ORIGINAL) The method of claim 79, wherein records are exchanged between the
endpoints of the secure connection.

107. (ORIGINAL) The method of claim 106, wherein the records are selected from a group
comprising: UsherOpen, UsherOpenReply, UsherSend, UsherClose, UsherSendUdp, UsherAck,
UsherEnd, and UsherRST records.



108. (ORIGINAL) The method of claim 107, wherein the UsherOpen records are sent by a
Portal to a Gate to open a Transmission Control Protocol (TCP) connection.

109. (ORIGINAL) The method of claim 107, wherein the UsherOpenReply records are sent
by a Gate to a Portal to respond to an UsherOpen record.

110. (ORIGINAL) The method of claim 107, wherein the UsherSend records are sent by
either a Gate or a Portal to transmit data therebetween.

111. (ORIGINAL) The method of claim 107, wherein the UsherAck records are sent by
either a Gate or a Portal to acknowledge a receipt of data therebetween.

112. (ORIGINAL) The method of claim 107, wherein the UsherAck records are not sent
when data received by either a Gate or a Portal is queued prior to being forwarded to its destination.

113. (ORIGINAL) The method of claim 107, wherein the UsherAck records are sent only
when data received by either a Gate or a Portal has been forwarded to its destination.



114. (ORIGINAL) The method of claim 107, wherein the UsherClose records are sent by
either a Gate or a Portal to terminate a session.

115. (ORIGINAL) The method of claim 107, wherein the UsherSendUdp records are sent
by either a Gate or a Portal to transmit UDP (User Datagram Protocol) packets therebetween.

116. (ORIGINAL) The method of claim 107, wherein the UsherEnd records are sent by
either a Gate or a Portal to terminate a multiplexed other connection.

117. (ORIGINAL) The method of claim 107, wherein the UsherRST records are sent by
either a Gate or a Portal to reset a multiplexed other connection.
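
Added illustration, not part of the claims or of any implementation by the applicant: a small Python model of the record exchange the claims describe, in which no records are processed before authentication, data is forwarded only while the peer has a free send buffer, and UsherAck is sent only after queued data has been dispatched. The framing, the numeric record values, the buffer count and the names `Endpoint` and `pump` are assumptions; the claims name the records but give no wire format.

```python
import struct
from collections import deque
from enum import IntEnum

class Rec(IntEnum):
    # Record names come from the claims; the numeric values are assumed.
    OPEN = 1; OPEN_REPLY = 2; SEND = 3; ACK = 4; END = 5; RST = 6

HDR = struct.Struct("!BHH")  # assumed framing: type, channel id, payload length

def encode(rtype, chan, payload=b""):
    return HDR.pack(rtype, chan, len(payload)) + payload

def decode(buf):
    """Split bytes read from the single secure connection into records."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < HDR.size:
            raise ValueError("truncated header")
        rtype, chan, n = HDR.unpack_from(buf, off)
        off += HDR.size
        if len(buf) - off < n:
            raise ValueError("truncated payload")
        out.append((Rec(rtype), chan, bytes(buf[off:off + n])))
        off += n
    return out

class Endpoint:
    """A Portal or a Gate; symmetric, so either end can open channels."""
    def __init__(self, send_buffers=2):
        self.nbuf = send_buffers
        self.authenticated = False  # set by the caller once the peer is verified
        self.credits, self.pending = {}, {}    # sender side, per channel
        self.queued, self.delivered = {}, {}   # receiver side, per channel
        self.wire = bytearray()                # bytes to write to the tunnel

    def _init(self, chan):
        self.credits[chan], self.pending[chan] = self.nbuf, deque()
        self.queued[chan], self.delivered[chan] = deque(), b""

    def open(self, chan, target):
        if not self.authenticated:
            raise PermissionError("multiplexing before authentication")
        self._init(chan)
        self.wire += encode(Rec.OPEN, chan, target.encode())

    def send(self, chan, data):
        self.pending[chan].append(data)
        self._flush(chan)

    def _flush(self, chan):
        # Forward only while the peer has a free buffer for this channel.
        while self.pending[chan] and self.credits[chan] > 0:
            self.credits[chan] -= 1
            self.wire += encode(Rec.SEND, chan, self.pending[chan].popleft())

    def receive(self, data):
        if not self.authenticated:
            raise PermissionError("record received before authentication")
        for rtype, chan, payload in decode(data):
            if rtype is Rec.OPEN:
                self._init(chan)
                self.wire += encode(Rec.OPEN_REPLY, chan)
            elif rtype is Rec.SEND:
                # Enforce the buffer limit locally instead of trusting the peer.
                if chan not in self.queued or len(self.queued[chan]) >= self.nbuf:
                    self.wire += encode(Rec.RST, chan)
                else:
                    self.queued[chan].append(payload)  # queued, so no ack yet
            elif rtype is Rec.ACK and chan in self.credits:
                self.credits[chan] = min(self.nbuf, self.credits[chan] + 1)
                self._flush(chan)

    def dispatch(self, chan):
        """Hand one queued chunk to its destination, then acknowledge it."""
        if self.queued.get(chan):
            self.delivered[chan] += self.queued[chan].popleft()
            self.wire += encode(Rec.ACK, chan)

def pump(src, dst):
    """Stand-in for the tunnel: move src's pending bytes to dst."""
    data, src.wire = bytes(src.wire), bytearray()
    dst.receive(data)
```

Because acknowledgements follow dispatch rather than receipt, a slow destination behind one endpoint stalls only its own channel's sender; the receiver answers a peer that overruns the buffer limit with a reset record.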